Description
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
References (6)
Core References
Mailing List, Patch (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2016/09/26/4
Mailing List, Patch (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2016/09/24/1
Patch, Vendor Advisory (x_refsource_confirm): https://irssi.org/security/buf_pl_sa_2016.txt
Patch (x_refsource_confirm): https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/93155
Scores
CVSS v3: 3.3
EPSS: 0.0008
EPSS Percentile: 24.2%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-275
Status: published
Products (1): irssi/buf.pl < 2.13
Published: Feb 27, 2017
Tracked Since: Feb 18, 2026